Oracle® Fusion Middleware Release Notes 11g Release 1 (11.1.1) for Linux x86 Part Number E10133-04 |
|
|
View PDF |
This chapter describes issues associated with Oracle Portal. It includes the following topics:
In addition to the known problems and workarounds described in this document, Oracle recommends that you read the Metalink note 834615.1 - Oracle Fusion Middleware 11g Portal (11.1.1) Support Status and Alerts. This article contains known issues that were discovered after the release of Oracle Portal 11g Release 1 (11.1.1).
This section describes general issues and workarounds. It includes the following topics:
Section 34.2.1, "Oracle Portal 11g Release 1 (11.1.1) with Oracle Application Server Wireless"
Section 34.2.4, "Moving Content When Approval Is Enabled Does Not Require Approval"
Section 34.2.5, "Firefox and Safari Browsers Do Not Display Tooltips on Oracle Portal Screens"
Section 34.2.6, "Non-ASCII URLs Cannot be Decoded in Some Scenarios"
Section 34.2.7, "Manual Changes to Oracle Portal Default Schema Objects"
Section 34.2.14, "IPv6 Support in Oracle Portal 11g Release 1 (11.1.1)"
Integrating Oracle Application Server Wireless 10g with Oracle Portal 11g Release 1 (11.1.1) requires you to complete a set of manual steps, as described in the Metalink note 837837.1 (Oracle Portal 11g Release 1 (11.1.1) with Oracle Application Server Wireless). In addition, see the following Metalink notes for information about deprecated features in 10g:
Note that the information presented in Chapter 5, titled "Understanding Oracle Instant Portal," in the Oracle Fusion Middleware User's Guide for Oracle Portal applies to users upgrading their existing Instant Portals to Oracle Portal 11g Release 1 (11.1.1). For information about deprecated features in 10g, see the Deprecated Features in Oracle Application Server 10g Release 2 (10.1.2) Metalink note.
If the database where the portal schema is installed is version 10.2 or later, then users must re-enter the remote user's password when they rename or edit a database link from the Portal Navigator's Database Objects tab. This is applicable only for those database links that are created with the Specific User option.
Moving content between pages or between regions of the same page does not trigger approvals. For example, when a target page is configured with an approval process and a contributor moves content from a source page to the target page, the moved content does not trigger the approval process on the target page, even when approval is required for all users.
Firefox and Safari browsers do not support the display of tooltip text, which is set using the ALT attribute for image descriptions.
As a workaround, you can download and install browser-specific add-ons, such as Popup ALT Attribute for Firefox (see https://addons.mozilla.org/en-US/firefox/addon/1933
).
If the JVM default character encoding is set to ISO8859-1, the Portal repository database character set must match with the JVM default character encoding. If this condition is not satisfied, non-ASCII URLs may become inaccessible.
Any manual changes to Oracle Portal default objects, such as tables, views, packages, or indexes are not supported. Such changes may render Oracle Portal unusable. Note that the internal structure of Portal objects can change between versions.
For more information, see the 403179.1 Metalink note.
If you are using Secure Enterprise Search (SES), then by default, the search result of your Portal displays durable URL format for an item or a page. To display your URL as a readable format, perform the following steps:
Run sbrsrxml.sql
, located at ORACLE_HOME\upgrade\portal\admin\plsql\wws
in Windows and ORACLE_HOME/upgrade/portal/admin/plsql/wws, in UNIX, using your Portal schema password.
Enter the value 0
, for example @wws\sbrsrxml.sql 0
in Windows.
After you run a full SES crawl, your URL is displayed in a readable format. And if you want your URL to display the durable URL format, then run sbrsrxml.sql
and enter the value 1
.
This section describes how to encrypt a password in the mod_oradav.conf
file. Perform the following tasks:
Editing the DAV Password
To edit the password in the mod_oradav.conf
file, do the following:
Open your mod_oradav.conf
file, located at INSTANCE_HOME/config/OHS/ohs1/moduleconf
(UNIX).
Locate the DAV
entry for which you wish to change the password. In a default portal instance, you can find the DAV
configuration entry in the following directive:
<Location /dav_portal/portal>
In the DAV
entry, remove the directive ORACRYPTPASSWORD
(For example, DAVParam ORACRYPTPASSWORD BS50NfrosVZOjfgc9hUQ9wcbFFxLSYT/BA==
), and replace with the clear text password using the following syntax:
DAVParam ORAPASSWORD <your_password_here>
For example:
If you want to have a password of passwd123
, add a line as follows: DAVParam ORAPASSWORD passwd123
.
Save the file.
Obfuscate the Password
After editing the DAV password, it is recommended that the DAV password be obfuscated by running the oradavTool.pl
script located at ORACLE_HOME/bin
in UNIX and ORACLE_HOME\bin
in Windows. To do so, perform the following steps:
If necessary, change the user to the Oracle software owner user, typically oracle, using the following command:
su - oracle
Set the ORACLE_HOME
environment variable to specify the path to the Oracle home directory for the current release, and set the PATH environment variable to include the directory containing the Perl executable and the location of the oradavTool.pl
script (Located at ORACLE_HOME/ohs/bin
in UNIX and ORACLE_HOME\ohs\bin
in Windows).
Bourne, Bash, or Korn shell:
$ ORACLE_HOME=new_ORACLE_HOME_path;export ORACLE_HOME PATH=$ORACLE_HOME/bin:$ORACLE_HOME/perl/bin:$PATH;export PATH
C or tcsh shell:
% setenv ORACLE_HOME new_ORACLE_HOME_PATH % setenv PATH ORACLE_HOME/bin:$ORACLE_HOME/perl/bin:PATH
On Microsoft Windows, set the PATH and PERL5LIB environment variable:
set PATH=ORACLE_HOME\bin;%ORACLE_HOME%\perl\bin;%PATH% set PERL5LIB=ORACLE_HOME\perl\lib
On UNIX platforms, set the shared library path environment variable
Include the ORACLE_HOME/lib
or lib32
directory in your shared library path. Table 34-1 shows the appropriate directory and environment variable for each platform.
Table 34-1 Shared Library Path Environment Variable
Platform | Environment Variable | Include Directory |
---|---|---|
AIX Based Systems |
|
|
HP-UX PA-RISC |
|
|
Solaris Operating System |
|
|
Other UNIX platforms, including Linux and HP Tru64 UNIX |
|
|
For example, on HP-UX PA-RISC systems, set the SHLIB_PATH
environment to include the ORACLE_HOME/lib
directory:
$SHLIB_PATH=$ORACLE_HOME/lib:$SHLIB_PATH;export SHLIB_PATH
Change directory to the ORACLE_HOME/bin
(UNIX) directory, as this is the location of the oradavTool.pl
script.
Invoke the following Perl script to encrypt the mod_oradav.conf
password:
perl oradavTool.pl -f mod_oradav.conffilename
Where mod_oradav.conffilename
is the filename for mod_oradav.conf
, which includes the full path to the mod_oradav.conf
file.
For example, in UNIX:
perl oradavTool.pl -f /u01/app/oracle/as11gr1/ORACLE_INSTANCE/config/OHS/<ohs_name>/moduleconf/mod_oradav.conf
The directive ORAPASSWORD
is updated with the new directive ORACRYPTPASSWORD
, and your password is obfuscated.
Restart your Oracle HTTP Server.
When migrating an external application during the cloning process, you must run the ssomig
utility after the import is completed as follows:
Open the tnsnames.ora
file, and enter connect string entries to the sso database in tnsnames.ora
file.
Set the TNS_ADMIN
environment variable to the tnsnames.ora
file location.
Run the ssomig
utilty (Located at INFRA_HOME/sso/bin
):
$INFRA_HOME/sso/bin/ssomig -import -overwrite -s orasso -p <<ORASSO_SCHEMA_PASSWORD>> -c <<TNS_ALIAS>> -d ssomig.dmp -log_d <<ABSOLUTE_PATH_FOR_MREXPDIR>> -discoforce
In Oracle Portal 11g Release 1 (11.1.1), JPDK samples are not available, by default. The jpdk.ear
file and can be deployed, by performing the following:
Log on to the Oracle WebLogic Server Administration Console.
If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit.
In the Domain Structure tree, select Deployments.
The Summary of Deployments page is displayed.
Click Install.
Select jpdk.ear
from your directory (Located at ORACLE_HOME/archives/applications
), and click Next.
Select Install this deployment as an application, and click Next.
Check the target from the Install Application Assistant page, and click Next.
In the Name field, enter a name for the deployment.
Click Finish.
Click Activate Changes.
From the Summary of Deployments page, select the application and click Start.
If RCU portal schema creation fails with the error message ORA-24246: empty access control list (ACL) not allowed, do the following:
Connect to the database as a SYS user.
At the SQL prompt, run the following command:
BEGIN DBMS_NETWORK_ACL_ADMIN.drop_acl ( acl => '/sys/acls/portal-permissions.xml'); COMMIT; END; /
If you have Oracle Text enabled, the following internal server error may occur when you are searching for Pages:
Internal error (WWC-00006) An unexpected error has occurred (WWS-32100) Unknown Exception (WWC-45131) User-Defined Exception (WWV-11230) Unexpected error - ORA-00600: internal error code, arguments: [qkeIsExprReferenced1], [], [], [], [], [], [], [] (WWC-35000)
If this error occurs, you must download and install database updates from http://updates.oracle.com/download/7041059.html
.
Oracle Portal 11g Release 1 (11.1.1) is not directly supported on Internet Protocol Version 6 (IPv6). The supported configuration comprises the following:
An IPv4/IPv6 reverse proxy setup on an IPv4/IPv6 dual stack machine.
The Portal mid-tier and the backend database on IPv4 machines, and clients accessing the Portal server through the proxy.
This section describes the upgrade issues and workarounds. It discusses the following topics:
Section 34.3.1, "Relative Hypertext Links to Images and Documents May Break After Upgrade"
Section 34.3.3, "Upgrading from Oracle Portal 10g to Oracle Portal 11g Release 1 (11.1.1)"
Section 34.3.4, "Upgrading Sample WSRP Providers During a Portal Midtier Upgrade"
Section 34.3.5, "Upgrading Portal 10g SSL Environment to Oracle Portal 11g Release 1 (11.1.1)"
When upgrading to Oracle Portal 11g Release 1 (11.1.1), relative hypertext links to images and documents may be broken. This can occur when the relative hypertext link uses a different case than the file name. For example, if a pre-upgrade image was uploaded to your portal with the name PROCESS1.GIF
, and a hypertext link is referring to process1.gif
, after the upgrade, the relative hypertext link to the image will be broken. You are most likely to encounter this in HTML templates or in documents that refer to images or other documents.
To address this issue, edit image and document names, making their case agree with the case used for the file names.
If you have set the FILE_ACCESS_ROLE
system parameter in the database before installing or upgrading to Oracle Portal 11g Release 1 (11.1.1), you may want to reset it after the installation or upgrade.
The FILE_ACCESS_ROLE
system parameter is used to specify the name of a database role that is authorized to create an index using the FILE or URL datastores. If the parameter is set, any user attempting to create an index using FILE or URL datastores must have this role otherwise the index cannot be created.
In database versions earlier than Oracle Database 11g Release 2, if the FILE_ACCESS_ROLE
parameter was not set, users did not need to have a specific role to create indexes using the FILE or URL datastores. From Oracle Database 11g Release 2 onwards, if the FILE_ACCESS_ROLE
parameter is not set, the URL and File datastore are disabled and indexes using the FILE or URL datastores cannot be created. For more information, see the Oracle Text documentation at http://www.oracle.com/technology/products/text/index.html
.
When installing or upgrading to Oracle Portal 11g Release 1 (11.1.1), into a database that is Oracle Database 11g or higher, the following events occur:
The "PORTAL_SEARCH_FILE_ACCESS_ROLE
" role is created.
The "PORTAL_SEARCH_FILE_ACCESS_ROLE
" role is granted to the portal schema.
The FILE_ACCESS_ROLE
system parameter set to "PORTAL_SEARCH_FILE_ACCESS_ROLE
" regardless of whether the preference was originally set
If the FILE_ACCESS_ROLE
system parameter was set before installing or upgrading to Oracle Portal 11g Release 1 (11.1.1) from a previous version, you may want to set it back to the original role. If you reset it to another role, you must grant that role to the Oracle Portal schema for Oracle Portal Search to function correctly.
After you upgrade from Portal 10g Release 2 (10.1.4) to Portal 11g Release 1 (11.1.1), translations of some components or portlets will be missing, for example survey builder, User Surveys, and so on. To fix this issue, you must refresh the database provider, by login to the Oracle Portal, then go to Navigator, Providers, Registered Providers and then select your database provider, and then click Refresh. After refreshing you should be able to see the translations.
After you upgrade from Portal 10g release to Portal 11g Release 1 (11.1.1), you will not able to refresh the tools producers (omni, webclip, or sample) that were registered from the previous release. To fix this problem, log in to Oracle Portal, then go to Administer. Click Portlets tab, and enter the name of your registered producer (Registered from the previous release) in the Remote Providers section. Click Refresh.
The Sample WSRP provider does not upgrade automatically during a Portal midtier and any instances of portlets on pages from that producer will give an error post upgrade. To upgrade the SampleWSRP Web Provider, do the following:
Deploy the wsrp-samples.ear
file to the new Portal managed server (WLS_PORTAL) instance using the Oracle WebLogic Server Administration Console.
Make the preference store that the old producer used available to the new instance. You can do this, by making the new producer use the same preference store (in scenario, where the data base preference store is used), or by migrating the preference store using the preference store migration utility.
Update the registration details in portal to point to the new location of the producer, by using the Edit Registration page within Portal.
When you upgrade SSL environment from Oracle Portal 10g to Oracle Portal 11g Release 1 (11.1.1), you will not able to login to Oracle Portal, when you have SSO and Portal Midtier on the same hostname. Internet Explorer has a problem redirecting back and forth on the same hostname between two different ports under SSL mode. As a workaround, you can use Mozilla Firefox.
This section describes the interoperability issues and workarounds. It discusses the following topics:
For this interoperability scenario to work, you must download and install updates from http://updates.oracle.com/download/7685124.html
and see 816929.1 from http://metalink.oracle.com
.
For this interoperability scenario to work, you must download and install updates from http://updates.oracle.com/download/7971335.html
.
In Portal 11g 1 (11.1.1), you cannot create webproviders when you are using 11g midtier with 10g portal repository.
This section describes issue and workaround related to the Oracle Portal user interface. It includes the following topic:
Cannot Set Privileges Using List View on Pages Inheriting Privileges from Parent or Template
If you use the List View to set access privileges for one or more pages, then privileges will not be set on pages inheriting privileges from a parent page or template. As a workaround, change the privileges for such pages individually, that is, using the Access tab for the subpage.
This section describes issues and workarounds related to export and import in Oracle Portal. This section includes the following topics:
If you include Reports Server Components within a transport set, then they are deleted on export and import. In addition, do not configure the Oracle Reports item type in any page groups intended for export and import. If you do, then the following error is displayed when you try to configure item types in the imported page group (by clicking the Content Type and Classifications Edit link on the Configure tab for the page group):
Internal error (WWC-00006) Unexpected error - User-Defined Exception (WWC-35000) Unexpected error - ORA-01403: no data found (WWC-35000)
After you complete the transport set transfer, click Display Manifest to display the transport set manifest. Ensure that you save the transport set before performing the precheck of the transferred data. This step takes the manifest changes.
Importing a page group may fail with the following error message:
[Error: (WWU-80338)] context = Schema Validation user = ORCLADMIN There were some inconsistencies found and hence import process is aborted.Check the debug log for further details.Fix those inconsistencies, by running schema validation in cleanup mode to proceed
This problem might occur after deleting a page group containing shared portlets. You must run SVU in cleanup mode to ensure a smooth export or import process.
This section describes issues and workarounds related to OmniPortlet, Web Clipping, Simple Parameter Form, Page portlet, and WSRP providers. This section includes the following topics:
Section 34.7.1, "Registering WSRP Producers in Enterprise Configurations"
Section 34.7.2, "Setting up the WSRP and JPDK Application in Oracle Portal"
Section 34.7.3, "Issue When Accessing Page Portlet Using Federated Portal Adapter"
Section 34.7.5, "SSL Support for Oracle Portal Integration Solutions (Microsoft Exchange)"
When you register a WSRP producer in an Enterprise configuration, you must create a Web Services Definition Language (WSDL) document manually, then register the WSRP producer using that WSDL. This is because the dynamically generated WSDL creates URLs using the HTTPS protocol and the HTTPS port while WSRP producers use HTTP.
Note:
A producer for WSRP portlets is analogous to a provider for PDK-Java portlets.To create a WSDL document manually, perform the following tasks:
View the dynamically generated WSDL through your browser (preferably Internet Explorer).
To view the WSDL for our WSRP samples, go to:
http://host:external http port/portletapp/portlets?WSDL
Save the file from the browser to any externally available location.
For our WSRP Samples, save the file from the browser into the following directory:
ORACLE_HOME/j2ee/home/applications/portletapp/wsrp-samples
Save the file as wsrpsamples.wsdl
.
Edit the file, replacing https
with http
and correcting the ports to be the external http ports.
View the file through a browser.
For example, for our WSRP Samples use the following URL:
http://host:external http port/portletapp/wsrpsamples.wsdl
Use the URL to your *.wsdl
file (such as the URL under Step 4) when you register the WSRP producer.
For more information about Enterprise configurations, see the Oracle Fusion Middleware Enterprise Deployment Guide for Java EE.
This section describes steps to manually configure the WSRP and JPDK application and deploying them on the Oracle WebLogic Server. This section includes:
To deploy the EAR file, download the wsrp-samples.ear file, from http://www.oracle.com/technology/products/ias/portal/pdk.html
and do the following:
Click Lock & Edit.
In the Domain Structure tree, select Deployments.
The Summary of Deployments page is displayed.
Click Install.
Select wsp-samples.ear from your directory, click Next.
Select Install this deployment as an application, and click Next.
Check WLS_PORTAL from the Servers section, and click Next.
Enter a name for the deployment, and click Finish.
Click Activate Changes.
From the Summary of Deployments page, select the application, click Start and then select Servicing all requests.
For more information, see Creating Java Portlets in the Oracle Fusion Middleware Developer's Guide for Oracle Portal.
To deploy the JPDk, download the jpdk.ear from http://www.oracle.com/technology/products/ias/portal/pdk.html
and do the following:
Click Lock & Edit.
In the Domain Structure tree, select Deployments.
The Summary of Deployments page is displayed.
Click Install.
Select jpdk.ear from your directory, and click Next.
Select Install this deployment as an application, and click Next.
Check WLS_PORTAL from the Servers section, and click Next.
In the Name field, enter a name for the deployment.
Click Finish.
Click Activate Changes.
From the Summary of Deployments page, select the application, click Start and then select Servicing all requests.
For more information, see Creating Java Portlets in the Oracle Fusion Middleware Developer's Guide for Oracle Portal.
The Federated Portal Adapter enables you to display remote portal pages in your portal. However, if both portal instances do not share the same Oracle Single Sign-On server, then you cannot display a remote portal page as a page portlet, even if the remote page is public. A message is displayed instead of the page portlet, as shown in the following example:
Portlet 257,75057 responded with content-type text/plain when the client was requesting content-type text/html
As a workaround, configure both portal instances to use the same Oracle Single Sign-On server.
When you redeploy your portlets to the portlet container, all existing sessions between the producer and all of its consumers are lost. If a consumer tries to reuse an existing producer session, then it may receive an error message the first time it tries to contact the producer after redeployment, as shown in the following example:
Error: Could not get markup. The cookie or session is invalid or there is a runtime exception.
To reestablish the producer's session, refresh the portal page. You will not see this error message if you are reaccessing the portlet from a new browser session because it automatically establishes a new producer session.
SSL support is not available for Oracle Portal Integration Solutions (Microsoft Exchange). This is a known limitation.
Oracle Portal Developer Kit (PDK) version 10.1.2 is included with the Portal and Wireless installation. Release notes for the PDK-Java and PDK-PL/SQL can be found at the following middle-tier ORACLE_HOME
locations:
PDK-Java: ORACLE_HOME
/portal/pdkjava/v2/pdkjava.v2.releasenotes.html
PDK-PL/SQL: ORACLE_HOME
/portal/pdkjava/v2/pdkplsql.release.notes.html
Latest Version of Oracle PDK
New versions of the Oracle PDK are released periodically providing new features, new APIs, and additional documentation. To take advantage of all the latest features, download the latest PDK from the PDK downloads page on the Oracle Technology Network (OTN) at http://www.oracle.com/technology/products/ias/portal/pdk.html
.
Release notes for the latest Oracle PDK version are available on Oracle Portal on OTN and also in these PDK download locations:
pdk\plsql\pdkplsql.release.notes.html
pdk\jpdk\v2\pdkjava.v2.release.notes.html
This section describes issues and workarounds related to Globalization Support in Oracle Portal. It includes the following topics:
Section 34.9.1, "Text Entry Always Right to Left in BiDi Languages"
Section 34.9.2, "Non-ASCII Character Limitations in Oracle Portal"
The direction of all text areas and fields is right to left (RTL). However, you may want some text areas to work left to right (LTR). Internet Explorer users can change this by pressing the left hand side Ctrl and Shift keys.
When you copy and paste an item URL containing non-ASCII characters from one browser Location or Address field into another, you may not be able to access the item if your login credentials have not been authenticated through OracleAS Single Sign-On.
As a workaround, log in to the portal before you access the item and copy the item URL.
In some scenarios, multibyte characters in log files may get corrupted.
For example, when the WLS_PORTAL managed server is started from the Oracle WebLogic Server Administration Console, multibyte characters, such as username
, password
, and is starting
, may get corrupted.
Workarounds:
Change -Dfile.encoding=iso-8859-1
to -Dfile.encoding=utf8
in the WLS_PORTAL start-up parameter through the Oracle WebLogic Server Administration Console.
Change -Dfile.encoding=iso-8859-1
to -Dfile.encoding=utf8
in the setDomainEnv.sh
file (Located at MIDDLEWARE_HOME/user_projects/domains/DomainName/bin
).
For more information, see the 403179.1 Metalink note.
This section describes documentation erratas. It includes the following topics:
Section 34.10.4, "Re-Registering the Oracle HTTP Server Partner Application"
Section 34.10.5, "Configuring End-to-End SSL for an Upgraded Oracle Portal Environment"
Section 34.10.6, "Upgrading the Portal Schema in a Customer Database"
Section "15.1 Retrieving Object Privileges" in the Oracle Fusion Middleware Developer's Guide for Oracle Portal has an inaccurate example for Example 15-1 Retrieving the List of Privileges for a Page (grantee_list API). The example should read as follows:
declare l_grantees wwsec_api.grantee_array; l_object_type_name varchar2(5) := wwsec_api.PAGE_OBJ; l_name varchar2(60) := '33/17623'; begin -- Call the function. l_grantees := wwsec_api.grantee_list( p_object_type_name => l_object_type_name, p_name => l_name ); -- Output the results if l_grantees is not null then if l_grantees.count > 0 then for i in l_grantees.first..l_grantees.last loop if l_grantees.exists(i) then dbms_output.put_line('GRANTEE_TYPE '||to_char(i)||'= '||l_grantees(i).GRANTEE_TYPE); dbms_output.put_line('GRANTEE_ID '||to_char(i)||'= '||l_grantees(i).GRANTEE_ID); dbms_output.put_line('GRANTEE_NAME '||to_char(i)||'= '||l_grantees(i).GRANTEE_NAME); dbms_output.put_line('PRIVILEGE '||to_char(i)||'= '||l_grantees(i).PRIVILEGE); end if; end loop; end if; end if; exception ... end; /
Section "6.4 Configuring Virtual Hosts" in the Oracle Fusion Middleware Administrator's Guide for Oracle Portal, has a missing step. This step should come after the section "6.4.2 Configure Oracle Web Cache" as follows:
Register Oracle Portal with OracleAS Single Sign-On
To register Oracle Portal with OracleAS Single Sign-On, do the following:
Run ssoreg
to register the virtual host, www.abc.com
, for which mod_osso
facilitates single sign-on. The specific application URLs to be defined as partner applications within this site are defined in the file osso.conf
. ssoreg
is located on the middle tier in ORACLE_HOME/sso/bin for UNIX and ORACLE_HOME\sso\bin
for Windows).
The following example shows the usage of ssoreg
:
ORACLE_HOME/sso/bin/ssoreg.sh -site_name www.abc.com:8090 -config_mod_osso TRUE -mod_osso_url http://www.abc.com:8090 -remote_midtier -config_file ORACLE_HOME/Apache/Apache/conf/osso/osso_xyz.conf
Copy the osso.conf
file to the INSTANCE_HOME/config/OHS/ohs1
directory.
Open the httpd.conf
file (located at INSTANCE_HOME/config/OHS/ohs1
) using a text editor and add the following osso.confparameters:
<VirtualHost *:8888> ServerName www.xyz.com:8090 ServerAdmin you@your.address RewriteEngine On RewriteOptions inherit OssoIpCheck off OssoSecureCookies of OssoIdleTimeout off OssoConfigFile osso_xyz.conf OssoIpCheck off </VirtualHost>
Restart the Oracle HTTP Server.
See Also:
824225.1 fromhttp://metalink.oracle.com
for information on using separate sites in the Web Cache site definitions and using separate site to server mapping.In the section "Configuring Loopback to the Internal Server" in the Oracle Fusion Middleware Administrator's Guide for Oracle Portal, ensure that you add an entry for the proxy machine in the in the local host file on the database machine. This step is required for the database machine to resolve the address of the proxy machine on the network.
In the section "Re-Registering the Oracle HTTP Server Partner Application" in the Oracle Fusion Middleware Administrator's Guide for Oracle Portal has an inaccurate example. The example should read as follows:
ORACLE_HOME/sso/bin/ssoreg.sh -site_name www.abc.com -config_mod_osso TRUE -mod_osso_url https://www.abc.com:4443 -update_mode Modify -remote_midtier -config_file INSTANCE_HOME/config/OHS/ohs1/osso.conf -admin_info cn=orcladmin
Section "4.1.3 Configuring End-to-End SSL" in the Oracle Fusion Middleware Upgrade Guide for Oracle Portal, Forms, Reports, and Discoverer, has some missing steps. You must perform these steps after you have completed step 4. The additional steps are as follows:
Import the Web Cache SSL certificate into the Portal Database Wallet's trust store.
If you don't have a database wallet, you could create one using Oracle wallet manager or orapki utility in the installation where the database resides. Once you have the wallet, import the SSL certificate of web cache into the database wallet.
This wallet location has to be registered into the Portal preference store using the secwc.sql
script, located at ORACLE_HOME/portal/admin/plsql/wwc
.
This section details the steps for upgrading a portal schema residing in a customer database configuration outside the OracleAS Metadata Repository.
Note:
If the OracleAS Portal instance was originally installed in release 3.0.9 or earlier, or if it was installed using theptlasst
utility, then the portal schema resides in a customer database configuration outside the OracleAS Metadata Repository and needs to be upgraded using the steps in this section.To upgrade the portal schema residing in a customer database, you must use the upgrade.bat
(Windows) or upgrade
(UNIX) script. Perform the following steps to upgrade the portal schema residing in a customer database:
Set the ORACLE_HOME
environment variable to the Oracle home of the midtier.
Add the Transparent Network Services (TNS) entry of the database containing portal schema to Instance_Home\config
in Windows and Instance_Home/config
in UNIX.
Set the TNS_ADMIN
environment variable to the following location: INSTANCE_Home/config
(UNIX).
Ensure that you are able to connect to database using portal schema.
Verify if you can connect to the portal schema in the database Oracle home by specifying the schema password and the TNS name using SQL*Plus.
For example in UNIX:
sqlplus portal/portal@orcl
Change the directory to ORACLE_HOME/upgrade/portal/admin/plsql
(UNIX).
Stop all Oracle Fusion middleware services in the middle-tier Oracle homes that are associated with the portal schema being upgraded. For this, stop the WLS_PORTAL through the Oracle WebLogic Server Administration Console and run INSTANCE_HOME/bin/opmnctl stopall
(UNIX).
Verify that the Oracle Internet Directory associated with the portal schema is up and running.
Run the upgrade script in precheck mode until there are no errors found.
On UNIX, run the script as follows:
ORACLE_HOME/upgrade/portal/admin/plsql/upgrade -precheck
When -precheck
is specified, only the pre-upgrade checks are done and the upgrade exits after that. In this mode, the upgrade is not immediately terminated if a precheck fails. Instead, the errors for all prechecks are consolidated in the upgrade.log
file. This file is generated in the ORACLE_HOME/upgrade/portal/admin/plsql
(UNIX) directory. Look at the end of the log file to see a list of checks that failed. Run the upgrade in this mode until none of the prechecks fails. In this mode, the schema is not altered, so restoring from your backup is not necessary between runs.
Look up any errors found in the precheck log file. Contact Oracle Support Services for any errors that are not documented or that cannot be resolved by following documented actions.
After resolving all warnings and errors from the precheck.log
file, run the upgrade script without any parameters.
On UNIX, run the script as follows:
ORACLE_HOME/upgrade/portal/admin/plsql/upgrade
The script prompts you for information about the system setup. Your answers are echoed for verification at the end of the script. However, if you discover that you have entered incorrect information before the end of the script, then you can exit before any changes are made by answering n to the last script inquiry.
The following are the questions from the script. Default answers to the questions are given in brackets.
Have you backed up your database (y|n)? [y]:
If you have not backed up the database, then answer n
, back up the database, and restart the script. If you have backed up the database, then answer y
.
Enter the name of the schema you would like to upgrade [portal]:
If the schema name is different from the default OracleAS Infrastructure 10g installation schema name of portal
, then enter the schema name.
Enter the password of the schema you would like to upgrade [portal]:
If the password is not the same as the schema name, then enter the portal schema password.
Enter the password for the SYS user of your database [change_on_install]:
If the password is not change_on_install
, then enter the database SYS
password.
Enter the TNS connect string to connect to the database [orcl]:
Provide the TNS connect string. This can be found in the INSTANCE_HOME/config/tnsnames.ora
file (UNIX).
When the script is complete, examine the upgrade log files in the current directory to make sure there are no errors reported at the end.
Now start the midtiers assosicated with this repository. Check that portal is accessible.
Section '7.3.2.1.4 End to End SSL for Oracle Portal" in the Oracle Fusion Middleware Administrator's Guide for Oracle Portal, has some inaccurate information in the following subsections:
Securing Oracle Web Cache in section '7.3.2.1.4 End to End SSL for Oracle Portal" in the Oracle Fusion Middleware Administrator's Guide for Oracle Portal has some inaccurate information in the following subsections:
Configuring Oracle Web Cache SSL Port
By default SSL is configured for Oracle Web Cache. The steps in this subsection is optional and if you do not have an out-of-the-box SSL configuration for webcache SSL port then you must perform the steps explained in section "Configuring Oracle Web Cache SSL Port" in the Oracle Fusion Middleware Administrator's Guide for Oracle Portal. In the "Configuring Oracle Web Cache SSL Port" subsection, do the following:
Replace step 1 as follows:
Login to the Web Cache Administration Console (http://<wc-host>:<WebcacheAdminport>
), with the required credentials.
In step 3, replace the Port number 4444 with 8094.
Adding the SSL Origin Server
The subsection Adding the SSL Origin Server, is an optional step and it is required, if you do not have an out-of-the-box SSL configuration for webcache SSL port.
Enable Session Binding
The subsection Enable Session Binding, has an inaccurate step. Replace step 4 with the following:
In the Edit Session Binding dialog box, select Cookie based session binding with any Set-Cookie and click Submit.
You do not need to perform the steps mentioned in section Specifying Oracle Portal Published Address and Protocol.
In the section Configure HTTP Server, add the following details for the virtual host shown in bold in the ssl.conf
file located at INSTANCE_HOME/config/OHS/ohs1
(UNIX):
<VirtualHost *:8890> UseCanonicalName On ServerName https://dadvmn0041.us.abc.com:8094 <IfModule ossl_module> SSLEngine on SSLVerifyClient None SSLCipherSuite SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SH A,SSL_RSA_WITH_DES_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_C BC_SHA SSLCRLCheck Off SSLWallet @ "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default"
Note:
By defaultssl.conf
includes a seeded wallet, if you are using a custom wallet then you need to update the SSLWallet
directory path.Configuring and Registering WSRP Producers Exposed Over SSL, in section "7.3.2.1.7 Configuring and Registering Web Providers, Provider Groups, and WSRP Producers Exposed Over SSL" of the Oracle Fusion Middleware Administrator's Guide for Oracle Portal has incorrect information for point a in step 4. This should be as follows:
For registering SSL enabled providers with Oracle Portal Repository, you must import the client certificate as a trusted certificate into the configured keystore for Oracle Portal.
Note:
You can obtain the configured Keystore by log in to Oracle Portal, then go to Administer tab. Click Global Settings, and from the Global Settings page, click Keystore tab. If the keystore is not configured, then Oracle Portal picks up the default keystore configured for the database (Located atPORTAL_DB_ORACLE_HOME/javavm/lib/security/cacerts
in UNIX, and PORTAL_DB_ORACLE_HOME\javavm\lib\security\cacerts
in Windows.For out-of-the-box seeded providers like Omniportlet, WebClipping, JPDK do the following:
If the seeded providers are registered to Oracle Portal using Oracle Portal Web Cache SSL port (Configured for SSL only for Oracle Web Cache), then you have to import Oracle Portal Web Cache SSL certificate as a trusted certificate into the configured trust keystore where the J2EE war/ear
file is deployed (WLS_PORTAL).
If the seeded providers are registered to Oracle Portal using Oracle Portal Web Cache SSL port (Configured for end-to-end SSL), then you must perform the following:
Import Portal Web Cache SSL certificate, as a trusted certificate into the configured trust keystore(s) where the J2EE war/ear
file is deployed (WLS_PORTAL).
Open portal.conf
file (located at INSTANCE_HOME/config/OHS/ohs1/moduleconf
in UNIX and INSTANCE_HOME\config\OHS\ohs1\moduleconf
in Windows) and turn on the WLProxySSL
parameter in the seeded providers redirection definition. The example below shows the updated portal.conf
file for the seeded providers.
Portal Tools
<Location /portalTools> SetHandler weblogic-handler WebLogicHost stanj18.us.abc.com WebLogicPort 9001 WLProxySSL ON </Location>
WSRP Tools
<Location /wsrp-tools> SetHandler weblogic-handler WebLogicHost stanj18.us.abc.com WebLogicPort 9001 WLProxySSL ON </Location>
Rich Text Portlet
<Location /richtextportlet> SetHandler weblogic-handler WebLogicHost stanj18.us.abc.com WebLogicPort 9001 WLProxySSL ON </Location>
JPDK
<Location /jpdk> SetHandler weblogic-handler WebLogicHost stanj18.us.abc.com WebLogicPort 9001 WLProxySSL ON </Location>
Configuring the Parallel Page Engine, in section "7.3.2.1.3 SSL to Oracle Web Cache" of the Oracle Fusion Middleware Administrator's Guide for Oracle Portal, has a missing step. After you have completed Step 3, in the Configuring the Parallel Page Engine section, You need to configure the HTTP settings in the Oracle WebLogic Server Administration Console as follows:
Log in to Oracle WebLogic Server Administration Console.
If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit.
In the left pane of the Console, expand Environment and select Clusters.
Select the cluster server and, then the HTTP tab.
In the HTTP page enter the following information:
Frontend HTTP Port: Enter your Web Cache HTTP port, for example 8090.
Frontend HTTPS Port: Enter your Web Cache SSL port, for example 8094.
Click Save.
Click Activate Changes.
Restart your managed server.